Blocking network access to abusive KVM guests

How do you usually handle cases where you need to block network access to a specific KVM guest if for example he's sending out spam? (provided you don't have access to networking equipment, but only to your node)

I used to do it with iptables (see below), but with IP Stealing & ARP Attack functionality still not working on SolusVM v1.13.00 and CentOS 6, there's always the change a malicious user finds a free IP, statically configures it and continues his activity.

@Taz said: Why not simply suspend the user? I don't see a reason for you to allow him back if he is being malicious.

Because sending spam can happen accidentally (user got hacked) or on purpose (user is a spammer). I want to provide the user a 24h option to access his VPS through VNC and fix it, in case he got hacked, during which time his network connection will be blocked (and will be re-enabled after verifying that his VPS is clean). If he doesn't respond to the ticket within 24h then he's most probably a spammer, and his service gets suspended.

@George_Fusioned said: How do you usually handle cases where you need to block network access to a specific KVM guest if for example he's sending out spam? (provided you don't have access to networking equipment, but only to your node)

It's practically for IPv6 address "management" only atm. Guests have to be configured manually (ie no DHCPv6), no IP Stealing functionality... and I'm pretty sure this won't change for at least the next 6 months.

@fileMEDIA said: Yeah bad things, i talked with phil a few weeks ago and no ip stealing with ipv6 and dhcpv6 is planned. I hope onapp includes the new iso function very soon (v3), then i go with onapp.

Nice to hear. To be honest I still have an option until the end of October for their old pricing ($100 per cloud + $10 per core / no minimum) since I got in touch with them before they announced their new pricing.
Still considering it though.. :/